—
MAL-2026-6960
Malicious code in pyqt6darktheme (PyPI)
Details
--- _-= Per source details. Do not edit below this line.=-_
## Source: kam193 (2bdc188e3830dcb855d495618a4f3de11307a230cfef8c8ca4ce93199f254ca7) Package downloads and runs a remote executable, which was found to downloads further exes and starting coine mining
---
Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.
Campaign: 2026-07-pyqt6darktheme
Reasons (based on the campaign):
- Downloads and executes a remote executable.
- cryptominer
- malware
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / pyqt6darktheme
No fixed version published yet for pyqt6darktheme (pip). Pin to a known-safe version or switch to an alternative.
References
- https://tria.ge/260708-eg92psat5t [EVIDENCE]
- https://www.virustotal.com/gui/file/93be0d295af944feef85c8694f88a50b660f106a5ed18300252a72d8b43b69de/detection [EVIDENCE]
- https://www.virustotal.com/gui/file/1f1963b8ccabbb9aaae9ce93b78d91f4f01faf0a21aed8e71b2adece16f8d5e6/detection [EVIDENCE]
- https://bad-packages.kam193.eu/pypi/package/pyqt6darktheme [WEB]